We’re Still Here to Help (Even Over the Holidays!) - find out more here.
Forum Discussion
No Response to Authorize Command
After I set up my app at DropBox, I did a call from my database application to: the /oauth2/authorize endpoint with my client ID and redirect URI as parameters. I got the response: 302 Found\r\nT...
DB-Des
Dropbox Community Moderator
Dropbox Community ModeratorThe /oauth2/authorize endpoint isn't an API call—it's the web page that lets the user sign in to Dropbox and authorize your app. Meaning, users are meant to navigate to it to authorize your app.
Once users authorize your app, then the redirect to your redirect URI happens. The type of response, or query parameters appended to your redirect URI, varies based on the "response_type".
Thanks. I'm doing this from our database app, so I need something that is an API call. We need to be able to load files to our DropBox and send links to people authorized to view them. Can you tell me what call I should be using?
- DB-Des
In order to authorize your app for the first time, there needs to be user interaction for that first step.
You can then get a long-term access token, by requesting "offline" access, where further manual user intervention is not needed. When requesting "offline" access, the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed. Refresh tokens do not expire automatically and can be used repeatedly. You can find more information in the OAuth Guide and authorization documentation. There's a basic outline of processing this flow in this blog post which may serve as a useful example.
When you use one of our official SDKs, you do not need to implement all of the logic for this process yourself. The SDK will do most of the work for you.
Are you saying this needs to be done from a webpage? I've worked with a number of APIs that generate a token and then you need to refresh it periodically, but in those cases the initial step could also be done through the API only. What would I need to do to do that? I'm not using any of the programming languages you show in your SDK list. I'm doing this in a custom database application which can issue HTTP commands or terminal commands. If I can get the appropriate syntax for the commands, I could do it.
Thanks.
- DB-Des
Hi RandySK,
The initial authorization step has to be done on a webpage, yes, where there must be user interaction. The next steps can be done programmatically, i.e. no user interaction is needed.
At a high-level: A request needs to be sent to the /oauth2/token endpoint with the authorization code obtained from the first step, as such:
curl https://api.dropbox.com/oauth2/token \ -d code=<AUTHORIZATION_CODE> \ -d grant_type=authorization_code \ -d redirect_uri=<REDIRECT_URI> \ -d client_id=<APP_KEY> \ -d client_secret=<APP_SECRET>For apps with "offline" access, the response from the above request will return both an access token (short-lived) and a refresh token (does not expire).
The refresh token can be stored securely as it can be used repeatedly.
When a new access token (short-lived) is needed, a request needs to be sent to the /oauth2/token endpoint, with the refresh token and the "grant_type" set to "refresh_token", like so:
curl https://api.dropbox.com/oauth2/token \ -d grant_type=refresh_token \ -d refresh_token=<REFRESH_TOKEN> \ -d client_id=<APP_KEY> \ -d client_secret=<APP_SECRET>I hope this provides more clarity!
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
